# HG changeset patch
# User asuess@dns.net.schlittermann.de
# Date 1281686977 -7200
# Node ID d1addc2ec71242b3b2e06e2842173cd5f442c6c9
# Parent 1cea0705612463da481498c1923a5c30a533274f
update-serial added to update-zone
diff -r 1cea07056124 -r d1addc2ec712 dnssec-creatkey
--- a/dnssec-creatkey Thu Aug 12 10:18:58 2010 +0200
+++ b/dnssec-creatkey Fri Aug 13 10:09:37 2010 +0200
@@ -273,3 +273,9 @@ close(ZONE); } + +# "toucht" alle zonen damit der serial erhoht wird und die +# zone neu signiert wird +for ( &del_double( @change, @manu ) ) { + system "touch $master_dir/$_/$_"; +}
diff -r 1cea07056124 -r d1addc2ec712 dnssec-killkey
--- a/dnssec-killkey Thu Aug 12 10:18:58 2010 +0200
+++ b/dnssec-killkey Fri Aug 13 10:09:37 2010 +0200
@@ -38,6 +38,7 @@ my $zone; my @status; my @auto; +my @manu; my @old_zone_content; my @new_zone_content; chomp( my $now_time = `date +%s` ); # aktuelle unixzeit
@@ -57,24 +58,27 @@ if ( -e "$zdir/dsset-$zone." ) { unlink "$zdir/dsset-$zone." } if ( -e "$zdir/keyset-$zone." ) { unlink "$zdir/keyset-$zone." } for (`ls $master_dir/$zone/K*[key,private]`) { unlink $_ } - } - - open( ZONE, "$master_dir/$zone/$zone" ) - or die "$master_dir/$zone/$zone: $!\n"; - @old_zone_content = ; - close(ZONE); - for (@old_zone_content) { - unless (/dnssec-(ksk|zsk)/) { - push @new_zone_content, $_; + print "keys removed \n"; + + open( ZONE, "$master_dir/$zone/$zone" ) + or die "$master_dir/$zone/$zone: $!\n"; + @old_zone_content = ; + close(ZONE); + + for (@old_zone_content) { + unless (/dnssec-(ksk|zsk)/) { + push @new_zone_content, $_; + } } - } - open( ZONE, ">$master_dir/$zone/$zone" ) - or die "$master_dir/$zone/$zone: $!\n"; - print ZONE @new_zone_content; - close(ZONE); - + open( ZONE, ">$master_dir/$zone/$zone" ) + or die "$master_dir/$zone/$zone: $!\n"; + print ZONE @new_zone_content; + close(ZONE); + + push @manu, $zone; + } } # beendet den key-rollover 
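Review bot: `system "touch $master_dir/$_/$_";` in the added loop passes each zone name through the shell by string interpolation, and in the sibling scripts @manu is filled from command-line arguments, so a name containing shell metacharacters would be interpreted rather than used as a path; the call's exit status is also never examined, so a missing zone file goes unnoticed. Since the loop only needs to bump the mtime, no child process is required: `utime undef, undef, "$master_dir/$_/$_" or warn "$master_dir/$_/$_: $!\n";` does the same without a shell and reports failure (unlike touch it does not create a missing file, which for a zone file is the right outcome). The same loop is added to dnssec-killkey in hunk @@ -228,3 +232,10 @@ and should be changed the same way.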
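Review bot: The moved zone-file rewrite pushes into the file-scope @new_zone_content (declared in hunk @@ -38,6 +38,7 @@) and never empties it, so if the enclosing block — it starts before this hunk — is entered for a second zone, that zone's file is written with the first zone's filtered lines prepended; resetting it with `@new_zone_content = ();` just before the `for (@old_zone_content)` loop avoids the carry-over. The write-back also truncates `$master_dir/$zone/$zone` in place and `close(ZONE)` on the write handle is unchecked, so a write error (a full disk, for instance) leaves an empty or partial zone file while the script reports success. Writing to a temporary file next to the zone file, checking it with `close(ZONE) or die "$master_dir/$zone/$zone: $!\n";`, and renaming it over the original keeps the previous zone file intact when anything fails.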
@@ -228,3 +232,10 @@ print "$master_dir/$zone/$zone wurde neu erstellt \n"; } + +# "toucht" alle zonen damit der serial erhoht wird und die +# zone neu signiert wird +for ( &del_double( @auto, @manu ) ) { + system "touch $master_dir/$_/$_"; +} +
diff -r 1cea07056124 -r d1addc2ec712 dnssec-sign
--- a/dnssec-sign Thu Aug 12 10:18:58 2010 +0200
+++ b/dnssec-sign Fri Aug 13 10:09:37 2010 +0200
@@ -41,17 +41,22 @@ my @zone_sig_content; my $sig_date; my $kc; +my $serial_up = 0; + +for (@ARGV) { + if ( $_ eq "-s" ) { + $serial_up = 1; + shift @ARGV; + } +} # prueft zonen aus ARGV und fuegt sie in die liste @manu ein for (@ARGV) { chomp( my $zone = `idn --quiet "$_"` ); - if ( -e "$master_dir/$zone" ) { + if ( -e "$master_dir/$zone/.keycounter" ) { push @manu, $zone; } - else { - print "$zone ist keine verwaltete zone \n"; - } } chomp( my $unixtime = `date +%s` );
@@ -99,6 +104,34 @@ } } +#erhoeht den serial der zone +for ( &del_double( @auto, @manu ) ) { + unless ($serial_up == 1) { + last + } + + $zone = $_; + my @zonefile = (); + my $serial; + + open ( ZONEFILE, "$master_dir/$zone/$zone") + or die "$master_dir/$zone/$zone: $!\n"; + @zonefile = ; + close (ZONEFILE); + + for (@zonefile) { + if (m#([0-9]{10}).*;.*serial#) { + $serial = $1 + 1; + s#(.*)([0-9]{10})(.*)#$1$serial$3#; + } + } + + open ( ZONEFILE, ">$master_dir/$zone/$zone") + or die "$master_dir/$zone/$zone: $!\n"; + print ZONEFILE @zonefile; + close (ZONEFILE); +} + # signiert alle zonen in @auto und @manu und erhoeht den wert in # der keycounter-datei for ( &del_double( @auto, @manu ) ) {
diff -r 1cea07056124 -r d1addc2ec712 update-serial
--- a/update-serial Thu Aug 12 10:18:58 2010 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
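Review bot: The added `-s` scan calls `shift @ARGV` while iterating over @ARGV, so it only works when `-s` is the first argument; given later, `shift` removes an unrelated zone name, the loop skips elements of the array it is modifying, and `-s` itself stays in @ARGV and is handed to `idn` as a zone. Filtering instead of shifting avoids this: `$serial_up = ( grep { $_ eq '-s' } @ARGV ) ? 1 : 0;` followed by `@ARGV = grep { $_ ne '-s' } @ARGV;` (core Getopt::Long would also do, and would reject unknown options). The `-y` loop added to update-zone in hunk @@ -41,84 +58,202 @@ has the same shape and the same defect.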
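Review bot: In the new serial-bump loop the replacement `s#(.*)([0-9]{10})(.*)#$1$serial$3#` is a second, independent match whose greedy `(.*)` selects the last ten-digit run on the line, not the one the preceding `m#([0-9]{10}).*;.*serial#` test found, so a line carrying another ten-digit number after the serial (a timestamp in the comment, say) gets that number replaced and the serial itself left unchanged. A single substitution with a non-greedy prefix and the `/e` flag does the test and the replacement with one match; the `unless ($serial_up == 1) { last }` inside the loop reads better as a guard around it; and, as in dnssec-killkey, the zone file is truncated in place with an unchecked `close`, so a write error leaves a partial zone file. The rewrite below writes to a temporary file and renames it over the original, which keeps the old zone file intact when anything fails.
```perl
# erhoeht den serial der zone (nur mit -s)
if ($serial_up) {
    for my $zone ( &del_double( @auto, @manu ) ) {
        my $path = "$master_dir/$zone/$zone";
        my $tmp  = "$path.$$.tmp";

        open( my $in, '<', $path ) or die "$path: $!\n";
        my @zonefile = <$in>;
        close($in);

        # one match both finds the serial and replaces it
        s{ \A (.*?) ([0-9]{10}) (.*;.*serial) }{ $1 . ( $2 + 1 ) . $3 }xe
            for @zonefile;

        open( my $out, '>', $tmp ) or die "$tmp: $!\n";
        print {$out} @zonefile or die "$tmp: $!\n";
        close($out) or die "$tmp: $!\n";
        rename( $tmp, $path ) or die "$tmp -> $path: $!\n";
    }
}
# … unchanged: signing loop over del_double(@auto, @manu) …
```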
@@ -1,193 +0,0 @@ -#! /usr/bin/perl -# (c) 1998 Heiko Schlittermann -# -# … work in progress do integrate dnssec (branch suess) -# -# Update the serial numbers in zone files -# The serial number needs to match a specified pattern (see -# the line marked w/ PATTERN. -# -# ToDo: -# . test against an md5 sum, not just the date of the stamp file -# . FIXME: handle `/' in file names (currently only working in -# the current directory) -# . optionally reload the named - -use strict; -use warnings; - -use File::Basename; -use File::Copy; -use FindBin; - -my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" ); -my @dnssec_signs - = ( "$FindBin::Bin/dnssec-sign", "/usr/bin/dnstools/dnssec-sign" ); -my %config; -my $dnssec_sign; -my @change_names = (); - -foreach ( grep {-f} @configs ) { - open( CONFIG, $_ ) or die "Can't open $_: $!\n"; -} - -unless ( seek( CONFIG, 0, 0 ) ) { - die "Can't open config (searched: @configs)\n"; -} -foreach ( grep {-f} @dnssec_signs ) { - if ( -x $_ ) { - $dnssec_sign = $_; - } - else { - die "Can't run $_\n"; - } -} - -while () { - chomp; - s/#.*//; - s/\t//g; - s/\s//g; - next unless length; - my ( $cname, $ccont ) = split( /\s*=\s*/, $_, 2 ); - $config{$cname} = $ccont; -} -close(CONFIG); - -my $bind_dir = $config{bind_dir}; -my $conf_dir = $config{zone_conf_dir}; -my $master_dir = $config{master_dir}; - -my $ME = basename $0; -my @tmpfiles; -my $verbose = 0; -my $opt_yes = 0; -my @Zones; -my $file; - -sub cleanup() { unlink @tmpfiles; } -END { cleanup(); } - -for (@ARGV) { - if ( $_ eq "-y" ) { - $opt_yes = 1; - shift @ARGV; - } -} - -@Zones = @ARGV ? @ARGV : glob("$master_dir/*"); - -MAIN: { - my $changed; - my ( $dd, $mm, $yy ) = ( localtime() )[ 3 .. 
5 ]; - my $date; - $mm++; - - foreach ( $dd, $mm ) { s/^\d$/0$&/; } - $yy += 1900; - $date = "$yy$mm$dd"; - - while ( my $file = shift @Zones ) { - - my $file_basename = basename($file); - - $file =~ s#($master_dir)(/.*)#$1$2$2#; - local ( *I, *O ); - my $done = 0; - - my $new = "$file.$$.tmp"; - my $bak = "$file.bak"; - my $stamp = $master_dir . "/.stamp/" . basename($file); - - $file =~ /(\.bak|~)$/ and next; - $file !~ /\./ and next; - - $verbose && print "$file:"; - - if ( -f $stamp && ( ( stat($stamp) )[9] >= ( stat($file) )[9] ) ) { - $verbose && print " fresh, skipping.\n"; - next; - } - - $done = 0; - push @tmpfiles, $new; - open( *I, "<$file" ) or die("Can't open < $file: $!\n"); - open( *O, ">$new" ) or die("Can't open > $new: $!\n"); - - while () { - /^\s+((\d+)(\d{2}))\s*;\s*serial/i and do { # PATTERN - my ( $sdate, $scount, $serial ) = ( $2, $3, $1 ); - $done = 1; - print " [$file] serial $sdate$scount"; - - if ( $date eq $sdate ) { $scount++; } - else { $sdate = $date; $scount = "00"; } - - print " bumping to $sdate$scount"; - s/$serial/$sdate$scount/; - - }; - print O; - } - - close(O); - close(I); - - if ($done) { - - # copy($file, $bak) or die("Can't copy $file -> $bak: $!\n"); - - open( I, "<$new" ) or die("Can't open <$new: $!\n"); - open( O, ">$file" ) or die("Can't open >$file: $!\n"); - while () { print O or die("Can't write to $file: $!\n"); } - close(I) or die("Can't close $new: $!\n"); - close(O) or die("Can't close $file: $!\n"); - - unlink $new; - - open( O, ">$stamp" ) or die("Can't open >$stamp: $!\n"); - close(O); - $changed++; - - push @change_names, $file_basename; - - } - else { - print " $file: no serial number found: no zone file?"; - } - print "\n"; - } - - if ($changed) { - my $pidfile; - - # dnssec - new sign - system "$dnssec_sign @change_names"; - die "$dnssec_sign not found ($!)" if $? 
== -1; - exit 1 if $?; - - print - "** Changed $changed files, the nameserver needs to be reloaded!\n"; - foreach ( - qw(/var/run/bind/run/named.pid /var/run/named.pid /etc/named.pid)) - { - -f $_ and $pidfile = $_ and last; - } - - if ($pidfile) { - if ($opt_yes) { - $_ = "y"; - print "** Nameserver will be reloaded\n"; - } - else { print "** Reload now? [Y/n]: "; $_ = ; } - /^y|^$/i and system "rndc reload"; - } - else { - print - "** No PID of a running named found. Please reload manually.\n"; - } - - } -} - -# vim:ts=4:sw=4:ai:aw:
diff -r 1cea07056124 -r d1addc2ec712 update-zone
--- a/update-zone Thu Aug 12 10:18:58 2010 +0200
+++ b/update-zone Fri Aug 13 10:09:37 2010 +0200
@@ -1,23 +1,40 @@ -#!/usr/bin/perl +#! /usr/bin/perl +# (c) 1998 Heiko Schlittermann +# +# … work in progress do integrate dnssec (branch suess) +# +# Update the serial numbers in zone files +# The serial number needs to match a specified pattern (see +# the line marked w/ PATTERN. +# +# ToDo: +# . test against an md5 sum, not just the date of the stamp file +# . FIXME: handle `/' in file names (currently only working in +# the current directory) +# . optionally reload the named use strict; +use warnings; + +use File::Basename; +use File::Copy; use FindBin; -# liest die Konfiguration ein my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" ); my @dnssec_signs = ( "$FindBin::Bin/dnssec-sign", "/usr/bin/dnstools/dnssec-sign" ); my %config; my $dnssec_sign; +my @change_names = (); -for ( grep {-f} @configs ) { +foreach ( grep {-f} @configs ) { open( CONFIG, $_ ) or die "Can't open $_: $!\n"; } + unless ( seek( CONFIG, 0, 0 ) ) { die "Can't open config (searched: @configs)\n"; } - -for ( grep {-f} @dnssec_signs ) { +foreach ( grep {-f} @dnssec_signs ) { if ( -x $_ ) { $dnssec_sign = $_; } 
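Review bot: The header block moved in from update-serial still describes only that script ("Update the serial numbers in zone files", the 1998 copyright and a ToDo list about the stamp file), while update-zone now also regenerates named.conf.zones and switches zones between the plain and `.signed` files; the header should state the merged purpose and the order of the steps (sign, rewrite the per-zone configs, assemble named.conf.zones, bump serials, reload), and the dropped `# liest die Konfiguration ein` above the config search cost nothing to keep. `use File::Copy;` is carried over as well although nothing in the new update-zone calls `copy` (the only use in the deleted update-serial was already commented out), so the import can go.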
@@ -41,84 +58,202 @@ my $conf_dir = $config{zone_conf_dir}; my $master_dir = $config{master_dir}; -unless ( -d $master_dir and -r $master_dir ) { - die "$master_dir: $!\n"; +my $ME = basename $0; +my @tmpfiles; +my $verbose = 0; +my $opt_yes = 0; +my @Zones; +my $file; + +sub cleanup() { unlink @tmpfiles; } +END { cleanup(); } + +for (@ARGV) { + if ( $_ eq "-y" ) { + $opt_yes = 1; + shift @ARGV; + } } -unless ( -d $bind_dir and -r $bind_dir ) { - die "$bind_dir: $!\n"; -} +@Zones = @ARGV ? @ARGV : glob("$master_dir/*"); -# dnssec - new sign -system "$dnssec_sign"; -die "$dnssec_sign not found ($!)" if $? == -1; -exit 1 if $?; +MAIN: { + my $changed; + my ( $dd, $mm, $yy ) = ( localtime() )[ 3 .. 5 ]; + my $date; + $mm++; -# prueft jede domain, die ein verzeichnis in $master_dir hat, ob es eine -# datei $zone_file.signed gibt und ob diese datei in $config_file eingetragen -# ist. -# passt die eintraege in $config_file falls noetig an. -while (<$master_dir/*>) { - s#($master_dir/)(.*)#$2#; - my $zone = $_; + # fuehrt automatische aktuallisierungen der zonen durch + system "$dnssec_sign"; + + # prueft jede domain, die ein verzeichnis in $master_dir hat, ob sie + # dnssec nutzt. + # passt die eintraege in $config_file falls noetig an. + while (<$master_dir/*>) { + s#($master_dir/)(.*)#$2#; + my $zone = $_; - my $zone_file = "$master_dir/$zone/$zone"; - my $conf_file = "$conf_dir/$zone"; - my @c_content; + my $zone_file = "$master_dir/$zone/$zone"; + my $conf_file = "$conf_dir/$zone"; + my @c_content; + + unless ( -f "$conf_file" ) { + die "$conf_file: $! \n"; + } + + if ( -e "$master_dir/$zone/.keycounter" ) { + + open( FILE, "<$conf_file" ) or die "$conf_file: $!\n"; + @c_content = ; + close(FILE); - unless ( -f "$conf_file" ) { - die "$conf_file: $! 
\n"; - } + for (@c_content) { + if (m{(.*)($zone_file)(";)}) { + print "$2 ==> $2.signed\n"; + $_ = "$1$2.signed$3\n"; + } - if ( -f "$zone_file.signed" ) { + open( FILE, ">$conf_file" ) or die "$conf_file: $!\n"; + print FILE @c_content; + close(FILE); - open( FILE, "<$conf_file" ) or die "$conf_file: $!\n"; - @c_content = ; - close(FILE); + } + } + else { + + open( FILE, "<$conf_file" ) or die "$conf_file: $!\n"; + @c_content = ; + close(FILE); - for (@c_content) { - if (m{(.*)($zone_file)(";)}) { - print "$2 ==> $2.signed\n"; - $_ = "$1$2.signed$3\n"; + for (@c_content) { + if (m{(.*)($zone_file)\.signed(.*)}) { + print "$2.signed ==> $2\n"; + $_ = "$1$2$3\n"; + } } - + open( FILE, ">$conf_file" ) or die "$conf_file: $!\n"; print FILE @c_content; close(FILE); - } } - else { + + # erzeugt eine named.conf-datei aus den entsprechenden vorlagen. + open( TO, ">$bind_dir/named.conf.zones" ) + or die "$bind_dir/named.conf.zones: $!\n"; + while (<$conf_dir/*>) { + open( FROM, "$_" ) or die "$_: $! \n"; + print TO ; + close(FROM); + } + close(TO); - open( FILE, "<$conf_file" ) or die "$conf_file: $!\n"; - @c_content = ; - close(FILE); + # update-serial + foreach ( $dd, $mm ) { s/^\d$/0$&/; } + $yy += 1900; + $date = "$yy$mm$dd"; + + while ( my $file = shift @Zones ) { + + my $file_basename = basename($file); + + $file =~ s#($master_dir)(/.*)#$1$2$2#; + local ( *I, *O ); + my $done = 0; + + my $new = "$file.$$.tmp"; + my $bak = "$file.bak"; + my $stamp = $master_dir . "/.stamp/" . 
basename($file); - for (@c_content) { - if (m{(.*)($zone_file)\.signed(.*)}) { - print "$2.signed ==> $2\n"; - $_ = "$1$2$3\n"; - } + $file =~ /(\.bak|~)$/ and next; + $file !~ /\./ and next; + + $verbose && print "$file:"; + + if ( -f $stamp && ( ( stat($stamp) )[9] >= ( stat($file) )[9] ) ) { + $verbose && print " fresh, skipping.\n"; + next; + } + + $done = 0; + push @tmpfiles, $new; + open( *I, "<$file" ) or die("Can't open < $file: $!\n"); + open( *O, ">$new" ) or die("Can't open > $new: $!\n"); + + while () { + /^\s+((\d+)(\d{2}))\s*;\s*serial/i and do { # PATTERN + my ( $sdate, $scount, $serial ) = ( $2, $3, $1 ); + $done = 1; + print " [$file] serial $sdate$scount"; + + if ( $date eq $sdate ) { $scount++; } + else { $sdate = $date; $scount = "00"; } + + print " bumping to $sdate$scount"; + s/$serial/$sdate$scount/; + + }; + print O; } - open( FILE, ">$conf_file" ) or die "$conf_file: $!\n"; - print FILE @c_content; - close(FILE); + close(O); + close(I); + + if ($done) { + + open( I, "<$new" ) or die("Can't open <$new: $!\n"); + open( O, ">$file" ) or die("Can't open >$file: $!\n"); + while () { print O or die("Can't write to $file: $!\n"); } + close(I) or die("Can't close $new: $!\n"); + close(O) or die("Can't close $file: $!\n"); + + unlink $new; + + open( O, ">$stamp" ) or die("Can't open >$stamp: $!\n"); + close(O); + $changed++; + + push @change_names, $file_basename; + + } + else { + print " $file: no serial number found: no zone file?"; + } + print "\n"; } + + if ($changed) { + my $pidfile; + + + print + "** Changed $changed files, the nameserver needs to be reloaded!\n"; + foreach ( + qw(/var/run/bind/run/named.pid /var/run/named.pid /etc/named.pid)) + { + -f $_ and $pidfile = $_ and last; + } + + # dnssec-sign aufruf fuer geanderten domains + system "$dnssec_sign @change_names"; + die "$dnssec_sign not found ($!)" if $? 
== -1; + exit 1 if $?; + + if ($pidfile) { + if ($opt_yes) { + $_ = "y"; + print "** Nameserver will be reloaded\n"; + } + else { print "** Reload now? [Y/n]: "; $_ = ; } + /^y|^$/i and system "rndc reload"; + } + else { + print + "** No PID of a running named found. Please reload manually.\n"; + } + + } + } -# erzeugt eine named.conf-datei aus den entsprechenden vorlagen. -open( TO, ">$bind_dir/named.conf.zones" ) - or die "$bind_dir/named.conf.zones: $!\n"; -while (<$conf_dir/*>) { - open( FROM, "$_" ) or die "$_: $! \n"; - print TO ; - close(FROM); -} -close(TO); - - -system "named-checkconf"; -system "named-checkconf -z"; -system "rndc reload";
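Review bot: The first `system "$dnssec_sign";` at the top of MAIN no longer has the `$? == -1` / `exit 1 if $?` check the old top-level call had (only the second call later in the hunk keeps it), and the config switch that follows now keys on `-e "$master_dir/$zone/.keycounter"` instead of the old `-f "$zone_file.signed"`, so when signing fails or the binary is missing, named.conf.zones is still rewritten to point at a `$zone_file.signed` that may not exist. Restoring `die "$dnssec_sign not found ($!)" if $? == -1;` and `exit 1 if $?;` after that call, or keeping the `-f "$zone_file.signed"` test in the condition, closes that gap; `system $dnssec_sign, @change_names` in list form for the second call also keeps zone directory names out of the shell. In the `.keycounter` branch the `open( FILE, ">$conf_file" )` / `print FILE` / `close(FILE)` block sits inside `for (@c_content)` and so rewrites the config once per line, whereas the `else` branch has it after the loop, which is where it belongs. Finally, named.conf.zones is regenerated and the signed/unsigned switch applied on every run, but `rndc reload` is now only offered when a serial changed and the `named-checkconf` / `named-checkconf -z` validation that preceded the old unconditional reload is gone, so a run that merely flips a zone to `.signed` leaves the running named on the old config and a broken generated config is no longer caught before it is loaded; the `-d $master_dir` / `-d $bind_dir` sanity checks removed at the top of the hunk would also still be worth keeping.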